How to disable directory listing in Apache

AutoIndex module provides the directory listing capability for Apache. If it's installed and enabled, Apache will show the index of a path or URL if no DirectoryIndex files are present.

Example of common DirectoryIndex files are index.html, index.htm, index.php and welcome.html, configurable in Apache configuration file.

Directory listing is a helpful feature though some might want to disable it for security or any other reason.

You can prevent directory listing for Apache by disabling mod_autoindex, setting appropriate options in the Apache configuration file, or by using .htaccess file.

Methods to disable directory listing in Apache:

Disable mod_autoindex
Configure Directory's Options directive
Configure .htaccess

If you're hosting on platforms such as cPanel, you can use platform-specific methods to disable Apache's directory listing.

Disable Apache directory listing by disabling autoindex module

The easiest way is to disable the autoindex module entirely, and disabling the module would affect all the sites hosted on the server.

Launch your preferred terminal application

Disable autoindex module for Apache.

$ sudo a2dismod --force autoindex #Ubuntu, Debian and SUSE
Module autoindex disabled.
To activate the new configuration, you need to run:
  systemctl restart apache2

Distributions with a2dismod support can simply run the command above without having to manually disable the required modules.
LoadModule directive for the corresponding autoindex module need to be manually disabled by removing or commenting (by adding # at the beginning) the line in the configuration file.

Options	Debian, Ubuntu	openSUSE and SLES	Fedora Core, CentOS, RHEL	macOS	homebrew	xampp
a2dismod support	yes	yes	no	no	no	no
Modules to uninstall	none
Module name	n/a		autoindex
Loadmodule directive	n/a		#LoadModule autoindex_module <module_locations>/mod_autoindex.so

Restart Apache for the changes to take effect.

Related: How to manage Apache service

Disable Apache directory listing via Directory's Options directive

You can add -Indexes to Options directive in Apache's configuration file to fully disable directory listing, or add the same -Indexes option into Directory configuration to disable the feature per-directory.

Open Apache's configuration file using your preferred text editor.
```
$ sudo vi /etc/apache2/other/mysite.conf
```
The configuration could be set globally or from within VirtualHost configuration.

Related: Location for Apache VirtualHost configuration files
Add -Indexes to Options directive for required directory.
```
<Directory /var/www/mysite>
    Options -Indexes
</Directory>
```
Notice that it's -Indexes and not +Indexes
Restart Apache for the changes to take effect.

Related: How to manage Apache service

Disable Apache directory listing using .htaccess

If you don't have administrator access to the system or want to manage directory listing on a per-directory basis easily, you can use the above Options -Indexes directive in .htaccess files.

Open or create .htaccess file on the directory that you want to disable listing using your preferred text editor.
```
$ sudo vi /var/www/mysite/.htaccess
```
Add -Indexes to Options directive in the .htaccess file.
```
Options -Indexes
```

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.